PT-2025-32643 · Smartclient · Soa Audit+2
Published
2025-08-12
·
Updated
2025-08-12
·
CVE-2024-41985
CVSS v3.1
7.3
High
| Vector | AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
SmartClient Opcenter QL Home (SC) versions 13.2 through 2505
SmartClient SOA Audit versions 13.2 through 2505
SmartClient SOA Cockpit versions 13.2 through 2505
Description:
The affected application does not expire sessions upon user inactivity, potentially allowing an attacker to gain unauthorized access.
Recommendations:
SmartClient Opcenter QL Home (SC) versions 13.2 through 2505: Ensure session expiration is implemented to mitigate unauthorized access risks.
SmartClient SOA Audit versions 13.2 through 2505: Ensure session expiration is implemented to mitigate unauthorized access risks.
SmartClient SOA Cockpit versions 13.2 through 2505: Ensure session expiration is implemented to mitigate unauthorized access risks.
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opcenter Ql Home
Soa Audit
Soa Cockpit